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A Study of French Ccmsiunications Doctrine and Practice 

A. Statement of the Problem. 

In order properly to evaluate the state of security of French 
COTMuni cat lone , the history of French cryptographic practice must he 
studied with the purpose of finding answers to four questions: 

1. Do the French know what constitutes sound COHSEC doctrine? 

2. Do their cryptographic practices demonstrate that such 
knowledge is Indeed applied? 

3 . Do they supervise ccsrsauni cations in order to detect 
compromises and take corrective action? 

b. Do they use cryptographic systems that guarantee adequate 
security? 

Answers to these questions have been sought from two sources: 
the actual published documents of French Cryptographic Services, and 
the history of French practice as it is known to AFSA. 

B. Facts Bearing on the Problem and Discussion. 

This discussion will be concerned primarily with the ccnmunicatians 
of the Army and the Foreign Ministry because it is in these two fields 
that there 1b most current information available . 
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I. So the French, tag w what constitutes ground CCM53BC doctrine ? 

The most recent explicit statement of French COMSEC doctrine 
available is the "Instruction relative 1 ' organisation et au. faactianne- 

ment du service de la correspondence ohiffTee", issued in 1S&1 "by the 
Secretariat of State for War, General Staff of the Army, Deuxi&ne Bureau. 
Following is a translation, of Chapter 1, "Cryptographic Secrecy" of 
Section II, "Cryptograph! c Security". 

Cryptographic secrecy demands a strict observance of pre- 
cautionary measures which are sometimes neglected: certain Imprudences, 

which seem at first eight harmless, are capable, indeed, of gravely 
compraniBing the security of cryptographic systems. 

BO CRYPTOGRAPHIC SYSTEM IS PROOF AGAI8ST CERTAIN 

3MPR0BEHCES, ESPECIALLY WHEW THEY ARE REPEATED." 

Maintenance of the security of cryptography is, consequently, the 
primary condition of its employment. It demands on the part of the 
cryptographer the rigorous observance of the rules, called "General 
Security Measures" enumerated in Chapter II following, which are the 
result of numerous experiences. 

"It Is important then that In all echelons the regulations 
concerning encryption be scrupulously Observed". 

The document cited, other related documents, plus files of corres- 
pondence of the Cryptographic Section of the Army General Staff, prove 
conclusively that the French Army, at least during the War, recognized 

the need for maintenance of communication security, that it expended 
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considerable effort in the years preceding the last war in training 
cryptographers, and that it was amply aware of the ways in which 
ccmmml cations security could be maintained. Pertinent quotations 
frcm documents on the subject will be found in Tab A. 

The only documentary evidence on Diplomatic doctrine is found in 
the prefaces to certain captured codes. These prefaces give instructions 
for the use of the system, and also set forth acme general security rules. 
These rules indicate that the Foreign Ministry cryptographers, too, vere 
aware of the dangers of poor CCMBEC practice and tried to instruct the 
users of systems in ways to avoid compromising their security. 

Amy, Eavy, and Diplomatic doctrine are generally the seme an matters 
like physical security, avoidance of compromise by plain- text reference 
to code messages, need for paraphrasing when communicating code text to 



a third person, and varying of indicators in enciphered code telegrams. 




Most of the rules are apparently known, also, in at least acme quarters 



of the Diplomatic service. For example, the principle that a given^P o 3 „ 3 i^,^, lo _ 

PL 86-36/50 USC 3605 

system should be used for correspondence of a certain classification 
is not unknown. / 
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While there are meny similarities in Army, tiavy and Foreign Ministry 
doctrine with respect to cryptographic practice, there are certain 
differences, scans of which appear traceable to mere lack of a specific 

doctrine on the part of the Foreign Ministry. 
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There is noted one major doctrinal difference: the Foreign Ministry 

allows the use of unenciphered code. Furthermore, although same highly 
classified codes are accompanied by the warning that they must never be 
used unenclphered, other’s have been officially used both enciphered end 
unenclphered, thus affording an excellent opening for cryptanalytic 
study. The Army's position, as deduced frcsn several statements in 
instructional documents, is that the originator decides whether a tele- 
gram is to be enciphered or not. If it is to be enciphered, however, 
"Simple encipherment is, in general, insufficient to insure the security 
of the texts". Plain codes, the doctrine runs, are susceptible of 
analysis, especially if widely used, and furthermore, codes can be 
secretly photographed. Therefore, "all radio-telegrams must be in 
enciphered code. It Is absolutely forbidden to send radio-telegrams in 
unenclphered code." As a result of the application of these opposite 
doctrines, there is no case inown of Army use of plain code, whereas 



EO 3.3(h)(2) Amy doctrine recognizes the problem of repetition of stereotyped 

PL 86-36/50 USC 3605 

expressions (especially at beginnings and ends of messages) and urges 
the use of nulls and variation in placement of internal numb ore, 
addresses, message references, etc. Diplomatic awareness of this problem, 

is limited to the problem of stereotypes at 

the breaks in message parte. 

Army and Kavy instructions urge the systematic use of variants where 
they exist; no Diplomatic mention of this point is found. 
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"Never send the same text la two telegrams, one la clear and the 
other la code or one encrypted with one code and the other with another 
code, or even with another key." This law is laid down in the "instruct- 
tion Secrete &u j5 fevrier 1936 relative ^ 1* organisation et an fonctionne- 
rneat du service de la C orrespondance Chiffree dans 1 'Arose en temps de 
paix et en temps de guerre" issued by the Cryptographic Section of the 
Army General Staff. It is added that, where necessary, the same 
substance, paraphrased and otherwise altered, may be Bent in two systems. 

The same rule can not be found in any Foreign Ministry instructionsp° 8 3 6 3 ^g^ usc 36Q5 
although the obvious ban on sending the same text in code and in clear 

Ited 

above. There is no evidence, however, either In writing or practice of 
the existence of a ban against repeating the same text in two different 
codes. 



seems to be Implied 




In the years since 19^1, the French have been notoriously lax 
in their cryptographic practices. This statement Applies especially to 
the Foreign Ministry, but the indictment of the Military services can 
be only slightly less strong. Whatever real security is enjoyed by 
French ccamuni cations results directly from, the use of a few inherently 
good systems. Short of physical loss, it is difficult to compromise 
completely a true one-time pad . But if the system itself is at all 
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vulnerable, the French can almost be counted upon to endanger It by 
violating the most Important rules of COMSBC . 

French violations of security fall under three headings. 

(l) Improper construction, of system, (2) Improper composition of crypto- 
grams (3) failure to observe the rules against encipherment of the seme 
text in two systems. 

A few examples of each hind of violation will suffice to illustrate 
the case: 

(l) Improper construction. 

(a) Both one-part and 2-part codes are re-generated one from 
another by simple re-pagination and re-lineatlon. 

(b) Additive key is systematically generated. 

(c) The sane key is used to encipher several codes. (Th© 

A ray has been especially derelict in this respect). 

Under this head might also be mentioned the fact that it has 
often happened that the compilation authorities have issued instructions 
for use of systems in an attempt to improve security, only to have their 
procedure provide new weaknesses for the analyst to exploit. Such a 
case was the Instruction that the groups for Indicating the parts of a 
multipart message cease to appear In clear at the end of the part, and 
be enciphered somewhere In the body of the text. At the time this 

3.3(h)(2) 

86-36/50 USC 3605 



change was made, it took three code groups to Indicate the part. Many 
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(2) Improper Composition. 

(a) Stereotyped beginnings are regularly employed. 

(b) Plain-text addresses are often repeated, enciphered. 

In the text. 

(c) When variants are available, certain ones are crver-used. 

(3) He- encipherment 

Of all rules of security, this Is possibly the most important. 
It is also the cone that has been violated the most flagrantly and with, 
the most dire results . The Foreign Ministry is by ah odds the chief 
offender cn this scare, although the Military are by no means free of 
guilt. He- encipherments usually came about for one of two reasons. 
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3. Do the French supervise copsnunl cations in order to detect 
ccaaprcsnlseB and take corrective action? 



There is some attempt to catch errors and see that they are not 



repeated, hut it can not he seen that this surveillance is either 

systematic, consistent or effective. EO 3.3(h)(2) 

PL 86-36/50 USC 3605 
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Physical c onpremises of military systems have teen, reported 




But most c onpremises resulting from blunders in conmunicatioa 

EO 3.3(h)(2) 

seem never to he caught. There have been few instances recently of PL 86-36/50 USC 3605 
military systems so endangered, but the history of 19^7 and 1 $k8 is full 




10 

ARMED FORCES SECURITY AGENCY 








This sheet of paper and all of its contents must be safeguarded with the greatest care.^Q 3.3(h)(2) 

Utmost secrecy is necessary to prevent drying up this sort of vital intelligence at its source.p|_ QQ.^Q/SQ USC 3605 




The conclusion, can he only that the security monitoring system 



of the French - if a formal one exists - is not doing its Job. 

EO 3.3(h)(2) 

PL 86-36/50 USC 3605 
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CONCHJSIOJJS 



The French Cryptographic Services, both Diplcwatic and Military, 
may he fairly presumed to understand the rules of craasunications 
security. However, the rules are too often violated "by the operating 
personnel and the errors too often go unnoticed by the authorities. 
These circumstances, coupled with the fact that moat traffic is sent in 
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systems or which 8T9 weakened. by unwise Pl_ 86-36/50 USC 3605 

methods of use, result in a ccmnml cation operation in which the 
©laments of insecurity considerably outweigh, those of security. 
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TAB A 

Quotations frcm Military Statements of Crypto-Security Doctrine 

I. Source . "Instruction eur lea conditions d'emploi du chiffre", 3 March 
1^40. CcHamndement en Clef dee Forces Aerienne, Etat - 
Major General. 

Chapter II, 7* 

Any encrypted message sent by radio-telegraph of radio- telephone 
can be Intercepted by monitor stations and thus constitute an element for 
study handed over to the enemy Cryptaaalytic Services. 

The results that they can expect from their labors are, in general, 
proportional to the number of documents available to them. 

Chapter III, 8. 

A cryptographic system may be ccmrpramised: 

Directly: 

When the methods of encryption become known to the energy as a 
result of theft of a document or a machine, loss or photographing of 
codes or keys, espionnage, indiscretions of cryptographic personnel 
concerning methods in use, etc. (it isn't necessary that a document 
disappear for it to be compromised. ) 

Indirectly: 

As the result of cryptographic studies that the enemy may 

undertake on encrypted messages which have fallen into his hands 

These studies can be considerably facilitated by: 
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Tec hni ca l errors by the ancryptor . 

The weakness of the methods employed. 

Abuse of cryptography, especially in lower echelons of the 
command; . . * * 

Cross-checking resulting from. Indiscretions by our services, etc. 
Chapter III, 2k, 

It ia absolutely forbidden to mix clear and cipher in the same 
message. 

Chapter III, 25. 

It is recommended that one avoid enciphering identical texts by 
means of different codes . 
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II. Source . "Instruction relative's. 1* organisation et au fonctlcnne- 

ment du service de la c orre spondanc e chi f free, lire Partie, 
Memento du Chiffreur", Secretariat d'Etat a la Guerre, 

EMA, Beiud&ae Bureau, 1941". 

The present Memento anrmlg and replaces the "Notice sur lea Proce&ee 
de Chiffrement dans lee Petites Unites" of 15 November 1929. 

Part II Chapter II, General Measures of Security 

1. Use of Cryptography 

Encryptment ie to he used only in cases of necessity. 

It Is not to he used If there are no serious disadvantages to 
transmitting the telegram in clear, or If the information to he sent or 
to he received can stand the delays of transmission hy ordinary mail. 

It is up to the authority sending the telegram, to decide 
whether it is to he encrypted or not. a 

Do not forget that indiscretion concerning a telegram the 
contents of which present only a relative Importance can have reper- 
cussions with respect to more important telegrams. 

Experience has demonstrated that It was relatively easy to 
procure texts of code telegrams, even when they pass only over national 
lines; it is therefore indispensable to take the precautions prescribed 
in the present Memento, even when the ccsmtni cations personnel is above 
any suspicion. 

9 i t SHHHH t K 

a. The "Instruction Secrete du 3 f^vrlsr 1936 relative a 1 'organisation 
et an fonctionnement du service de la correapondance chi f free dans I'Amee 
en temps de paix et en temps de guerre", whose section on ryptographic 
security ie for the most part Identical to this one, inserts the following 
paragraph at this points "As a rule, correspondence transmitted on French 
lines or going hy French stations will he encoded hy simple code; variants 
will he provided in order to increase the security of this coding pro- 
cedure (change of codehook, change of encoding) . " 

16 
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2 . Code Room 

Let no unqualified person enter the rooms where encrypting 
takes place, at any rate while encrypting is going on. Do not encrypt 
in a rccm where there are non -French persons, whoever they may be, and 
do not install the Cryptographic Service in an office to which foreigners 
regularly have access. 

jj. Cryptographic Opt' rat ions 

Unless absolutely impossible, use only officers In encrypt- 
ing and decrypting; do not entrust cryptographic operations and cryp- 
tographic documents to personnel which is constantly changing, is little 
or not known by the head of the Seivice, or does not inspire absolute 
confidence in him. 

L. Safggaa &kBS of Documents 

All equipment and documents relative to encrypted corres- 
ponrence must be preserved with the greatest care in a secure place, 
insofar as possible in solid pieces of furniture, provided with secret 
locks . 

Do not let the codebooks be seen by pereons who do not have to 
use them. Their dimensions, in fact, would give indications on their 
structure and the size of their vocabulary. The changing of a code- 
book, revealed by the change in color of the cover, is a valuable 
Indication for 'unauthorized persons. Same precautions, of course, for 

secret instructions and papers which have served in the cncryptment. 

Open the cipher machines only for ciphering operations. 

'Then lock them during periods of non-use . Do not leave the machines 
"on key" during their moving. 
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If a machine is damaged, never entrust the repair of a part 
to a non- quail fled person ( a civilian worker, for example). 

a 

Request the exchange of the machine for a machine in good condition. 

It is strictly orbidden to keep information or documents 
concerning encrypted correspondence on one's person or in personal 
articles of furniture. It is absolutely forbidden to make extracts 
from codebooks under the pretext of collecting frequent wordB. 

Loose sheets are the sort of thing that can bocame lost or are in 
danger of being sneaked away more easily than documents. 

5* Cryptographic Worksheets 

AH papers which have served in encrypting and decrypting 
are secret documents, of the same Importance as the codebooks and 
machines themselves. 

These worksheets must be burned {and not only tom up) 

b 

as soon as they as they are no longer useful. 

6. Use of the telephone 

Give no infoimation by telephone relative to cryptographic 
operations or explanations on a cryptographic system. Everyone has 
had the experience of hearing others in conversation over the telephone. 

It is therefore a very insecure way of corresponding . 

7. Wording of telegrams. Discretion to be observed. 

It is forbidden anyone having knowledge of an encrypted 
telegram to speak of it to any person whomsoever who is not qualified 

a. The preceding two paragraphs do not appear in the "Instruction Secrete" 
of 1936/ 

b. The "Instruction Secrbte" of 19p6 adds the following paragraph: "Bum 

the old key as soon as the new one Is put into service". 
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to know about it. 

Any Indiscretion, however insignificant it may appear, ie 
in fact of such nature as to ccmprcsaiso, sometimes irremediably, the 
secrecy of a document, 

8. Paraphrasing of telegrams 

It is forbidden to reprocuce textually and explicitly an 
encrypted telegram in a report, even if it is a secret one. 

When the receipt of en encrypted telegram obliges any 
authority whatever to give orders or instructions relating to it, or 
to make a communications to another Department or to the press, all 
provisions must be made so that these orders, instructions or communi- 
cations never permit the reconstruction of the telegram by anyone 
whomsoever . 

The paraphrasing of the communications to the press must be 
done with tho greatest car©, that is, the tort must undergo such changes 
of form that, all the shades of meaning being respected, the initial 
wording could not be recognized or reconstructed (change the words, 
especially the beginnings and ends, bring together into a single copy, 
the parts of the same telegram, etc . ) 

This precaution is of capital importance and the author of the 
communication is accountable if it is not carried out. 
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Chapter III. Technical Security Measures 
1. Drafting of telegrams 

Cryptanalysts "base their work upon repetitions of groups. 
Consequently, hare the authorities who draft the telegrams adopt, if 
possible, a restrained style, stripped of useless formulas, approaching 
what is called telegraphic style. 

The Cryptographic Service does not have the right to change a 
wording unless it has "been ejcpressly authorized to do so by the authority 
from which the telegram emanates. But it has the right to propose to 
that authority any changes in wording susceptible of avoiding lengthiness, 
spell groups, repetitions of groups, in a word, everything that can 
afford an opening for cryp tana lytic study. 

Tho Cryptographic Service is, however, qualified to make 
slight changes in form such as the transferring of the number and ref- 
erences, which the drafters usually place at the beginning of a telegram, 
a 

to the end. 

2. Encrypting of telegrams 

(a) Be well acquainted with the cryptographic documents. Apply 
strictly the cryptographic rules which indicate the way to use them. 
When the encrypting system chosen involves the use of a codebook, 
the telegram must be encoded in such a way as to utilize to the 
fullest the facilities afforded by that codebook through the use of 

a. This paragraph does not appear in the "Instruction Secrete" 
of 1936. 
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sentences or expressions which appear in it, and to avoid repetitions 
or spell groups. Thus several groups are gained in a telegram. 

(b) When a word does not exist in the codehook, Bpell it out 
in syllables or letters which are encoded sucessively. 

Several consecutive words thus encoded, by their consecutive 
ports are separated from each other by a null group when this 
precaution seems necessary for the clarity of the translation. 

Use the group "Separation of spell groups" if that group appears 
in the codebook. .... 

(c) Encoding of repeated words. 

If a repeated word has several variants in the codebook use 
them in turn. 

If it has no code group and must be spelled by syllables, 
spell it in a different manner each time it recurs ..... 

(d) Stereotyped formulas . 

Avoid the frequent use of set textual formulas, called 
stereotyped, euch as "I have the honor of reporting to you", 

"in reply to your telegram", etc. 

These formulas give rise to series of groups in which 
repetitions frequently arise. 

(e) Use of null groups 

To conceal repetitions of groups in the formulas often 
employed, such as the stereotyped formulas referred to above, it is 
recommended that they be disguised by the null groups. These are 
interspersed among the words or By.13a.bles or else, in short telegrams 
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of on© or two groups, placed at "beginning or end. 

Hull groups are also advantageously employed under the 
following conditions: Placed at the beginning or end of an 

encrypted text, they prevent the cryptanalyst frcsn making 
hypotheses on the beginning or end of the telegram, hypotheses 
which practice often shows to be fruitless. 

Interspersed between two letters or two syllables which are 
repeated in a spelled word, they hamper the work of the crypt- 
analysts 

Finally, used to represent punctuation in place of groups 
specially designed for that use, they avoid the repetition of 
those groups. 

(f) Use of punctuation and grammatical formulae 

Suppress unnecessary articles and conjunctions in the process 
of encrypting. 

Use punctuation and grammatical formulas only in case of 
absolute necessity, when their use is indispensable for the under- 
standing of the text. 

The observance of these rules presents the double advantage 
of reducing the length of the telegram and of avoiding repetitions. 

In general a verb in the present tense is given through its 
infinitive, and a past participle after an auxiliary by the 
infinitive. 
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(i) Hever send, tiro telegrams with the same text, either one In 



clear and the other in cipher, or one encrypted with one codehook and the 
other with another codehook, or even with another key. If a telegram ie 
intended for two authorities who do not have the same materials for 
corresponding, introduce null groups at "beginning and end. The length 
can he changed by introducing prepositions and articles, and by encoding 
in separate words the formulas which appear ready made in the codehook, 
or again by dividing the two telegrams into parts in an altogether 
different way. 

jj. Dividing of telegrams 

When the draft of a telegram is very long or when, because of 
many null groups, the number of groups must be increased, it is advisable 
to divide that telegram into several distinct telegrams. .... . 

Each of the parts must then he encrypted hy means of a different 
key if the encrypting system permlts. a * 



a. This is followed in the "Instruction Secrete” of 1936 by: 

"bo Precaution to be observed in the use of radio . 

"The intensive use of radio, an insecure means of transmission, 
imposes an even stricter discipline in th° matter of encrypting in that, 
since the waves can he :lntercepted hy any unauthorized person, the infor- 
mation entrusted to radlotelegrapiay can he exploited hy foreign intelli- 
gence services. 

"Consequently, it is important to apply strictly all the regula- 
tions on the subject of precautions to he taken: 

"a. To preserve the secret nature of all the cryptographic 
documents; 

"b. To let these documents he used only hy absolutely qualified 
persons, as a rule officers, who are alone responsible for the documents 
which are entrusted to them (Codes and Methods of using them. ) . 

"All radio-telegrams must he superenciphered. It ie absolutely 
forbidden to send radio- telegrams in unenciphersd code." 
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Chapter IV. Errors. Repetition and Verification of Telegrams . 



3. Reply to Vorlflcat.lan Requests 

Any Crypto, graphic Service which receives, by encrypted telegram, 
a request for verification of a cryptogram encrypted by it, must proceed 
in the following manner : 

a. Verify the original encryptment, and, if it is found to be 
correct, send back exactly the same encrypted text with the same number, 
without modifications or additions; 

b. If the original ancryptmant is incorrect, or if you no 
longer have the documents necessary for verification, send a new tele- 
gram, modifying the wording as much as possible, above all the beginning 
and the end, and indicating that it is a verification. Nothing in the 
new cryptogram must recall the first one . 

The new telegram will receive a number different from 
that of the first. 

Date and time will be those of the verification, and not 
those of the original telegram. 
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